Passwords and Biometrics. Can they coexist, and should they?

The vision of a biometrics-led future for IT security is breathtaking, but is there a place in the future for passwords? Or are passwords ancient history?

Passwords Need Better Management, Not Replacement

Forget your passwords. They’re ancient history. That’s the message you’ll increasingly see if you keep up with the latest developments in security.

But what is the real impact of innovations like biometrics on the old-fashioned password? Are we really heading to a biometrics-led future, and if so, why should anyone invest in better password and privileged account security now?

The answer is in the fundamentals of best practice around IT security: multi-layered protection that removes any single point of weakness.

The vision of our biometrics-led future is breathtaking. Every user carries their means of authentication with them at every living moment—from their eyes to their fingerprints—and verifies their identity with a simple touch or glance. It’s faster and easier than any password could ever be.

While biometrics are becoming more sophisticated, the reality is that the technology has a long way to go. And, in the event of a breach, a fingerprint or iris is a lot harder to change than a password.

Why passwords are interwoven with new technologies

Innovative new security measures will undoubtedly affect the way we do business and play a key role in making data more secure. But alongside these new technologies, passwords are still likely to play a significant part in security.

By definition, two-factor authentication—considered a vital evolution in the way we secure data—requires two factors to authenticate. Even as one of those factors becomes a fingerprint, an iris, or a machine on the Internet of Things, passwords will remain a familiar, largely unique, and easy-to-rotate variable.

The best security is about layers, not replacing one effective form of protection with another. Innovation isn’t exciting because we can say goodbye to our existing layers of protection: it’s exciting because it adds yet another obstacle for attackers to penetrate before they reach the data that matters.

Passwords need better management, not replacement

Passwords aren’t inherently insecure, but the way many enterprises use and manage their passwords is. That’s why, as we embrace new technology to complement password management, we all need to take the opportunity to make sure we’re getting the basics right.

Bringing your passwords and privileged accounts under your control starts quite simply: list them and check their complexity. Across your shared logins, service accounts, default accounts and passwords held by machines, auditing your passwords is a vital first step in improving your security.

To help you get started, we have put together a free tool to scan Active Directory and find weak passwords.
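
The "list them and check" step described above can be sketched as follows. This is an added example, not code from the original page and not the tool it mentions: it reads a CSV export of Active Directory account attributes and flags enabled accounts whose password is not required, never expires, was never set or is older than a threshold, and marks service and default accounts. The column names are real AD attributes; the sample rows, the 365-day threshold and the `DEFAULT_NAMES` set are assumptions.

```python
import csv, io
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags (documented Active Directory values)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
DONT_EXPIRE_PASSWORD = 0x10000
# Assumption: account names this organisation treats as built-in defaults.
DEFAULT_NAMES = {"administrator", "guest"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """pwdLastSet counts 100-ns ticks since 1601-01-01 UTC; 0 means never set."""
    ticks = int(value)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def audit(csv_text, now, max_age_days=365):
    """Return {account: [findings]} for enabled accounts with risky password attributes."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        uac = int(row["userAccountControl"])
        if uac & ACCOUNTDISABLE:  # disabled accounts are out of scope here
            continue
        findings = []
        if uac & PASSWD_NOTREQD:
            findings.append("password not required")
        if uac & DONT_EXPIRE_PASSWORD:
            findings.append("password never expires")
        changed = filetime_to_dt(row["pwdLastSet"])
        if changed is None:
            findings.append("password never set")
        elif (now - changed).days > max_age_days:
            findings.append(f"password unchanged for {(now - changed).days} days")
        if row["servicePrincipalName"]:
            findings.append("service account (SPN set)")
        if row["sAMAccountName"].lower() in DEFAULT_NAMES:
            findings.append("default account")
        if findings:
            report[row["sAMAccountName"]] = findings
    return report

# Constructed sample export (not real data); pass it to audit() with the current time.
SAMPLE = """sAMAccountName,userAccountControl,pwdLastSet,servicePrincipalName
Administrator,66048,131000000000000000,
svc_backup,66048,128000000000000000,MSSQLSvc/db01.example.test:1433
jdoe,512,133500000000000000,
kiosk,544,0,
old_temp,514,120000000000000000,
"""
```

Attribute checks like these show where weak or stale passwords are likely to live; they do not measure the strength of the passwords themselves.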